CN113169865A - Control device, industrial control system, and encryption key life prolonging method - Google Patents

Info

Publication number: CN113169865A
Authority: CN (China)
Prior art keywords: key, control device, lifetime, encryption key, encryption
Legal status: Granted
Current status: Active
Application number: CN201980077412.6A
Other languages: Chinese (zh)
Other versions: CN113169865B (en)
Inventors: 中出实, 户田信一, 山中祯咏
Current Assignee: Mitsubishi Heavy Industries Ltd
Original Assignee: Mitsubishi Power Ltd
Application filed by: Mitsubishi Power Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The control device is configured to communicate with another device via a communication network, and includes: a key acquisition unit configured to acquire, from a key distribution server via the communication network, an encryption key having a lifetime, the encryption key being used to perform encrypted communication with the other device; an encryption communication unit configured to perform the encrypted communication with the other device using the encryption key during the lifetime; a server state detection unit configured to detect a key-unacquirable state in which the encryption key cannot be acquired by the key acquisition unit; and a lifetime extension unit configured to execute an extension process for extending the lifetime when the key-unacquirable state is detected.

Description

Control device, industrial control system, and encryption key life prolonging method
Technical Field
The present invention relates to a control system, and more particularly, to improvement of safety of a distributed control apparatus.
Background
In recent years, Industrial Control Systems (ICS) supporting infrastructure such as oil, gas, electric power, and manufacturing have been connected to external networks, and security measures against cyber attacks are increasingly important. A Distributed Control System (DCS), which is one kind of industrial control system, is known as a device for controlling a plant such as a power generation plant or a manufacturing plant; it controls the plant while a plurality of control devices communicate with each other. The DCS is connected to a plurality of field devices installed in the plant via a control network, and controls or monitors these field devices (see Patent Documents 1 to 2). Each of the control devices constituting the distributed control device is connected to an HMI (Human Machine Interface) or the like for operating and monitoring the plant via a control information network built on Ethernet (registered trademark) or the like, and controls each of the field devices based on commands transmitted from an external computer such as the HMI. Network attacks on an industrial control system including such a DCS can use attack methods widely used against information systems, such as DoS (denial of service) attacks, impersonation, eavesdropping, and falsification.
On the Internet, confidentiality of communication is ensured by encrypting communication data. For example, in SSL communication, a session key (public key) that is valid only for a certain period (that is, has a lifetime) is exchanged at the start of communication by a key exchange protocol such as IKE (Internet Key Exchange), and the communication data is encrypted using the session key. Further, where a Key Distribution Center (KDC) is provided, each user device acquires a session key from the KDC and uses it for encrypted communication between the devices. Patent Document 3 discloses a service providing apparatus that extends, in response to a request, the validity period of a ticket certifying a user's authentication, authority, and the like.
Prior art documents
Patent document
Patent Document 1: Japanese Patent Laid-Open Publication No. 2011-221846
Patent Document 2: Japanese Patent Laid-Open Publication No. 2012-226680
Patent Document 3: Japanese Patent Laid-Open Publication No. 2004-171524
Disclosure of Invention
Problems to be solved by the invention
When a server for distributing session keys for encrypted communication (a key distribution server) is introduced into an industrial control system, if the key distribution server stops because of a hardware failure or a malicious network attack such as a DoS attack, communication between the control devices in the distributed control device becomes impossible when the lifetime of the session key ends. At that point, process data can no longer be monitored or operated from the HMI or the like, the control devices can no longer communicate with each other, and an interlock operation that brings the control target to an emergency stop reduces the operating rate of the control target.
One conceivable countermeasure is to make the key distribution server redundant, for example by duplicating it, but if all the key distribution servers stop, the operating rate of the control target may still be lowered as described above. Another conceivable countermeasure is to use an encryption key without a lifetime limit, but this carries the risk that all encrypted data is decrypted.
In view of the above, an object of at least one embodiment of the present invention is to provide a distributed control apparatus having improved safety performance and reliability.
Means for solving the problems
(1) A control device according to at least one embodiment of the present invention is configured to communicate with another device via a communication network, wherein,
the control device is provided with:
a key acquisition unit configured to acquire, from a key distribution server via the communication network, an encryption key having a lifetime for performing encrypted communication with the other device;
an encryption communication unit configured to perform the encryption communication with the other device using the encryption key during the lifetime;
a server state detection unit configured to detect a key-unacquirable state in which the encryption key cannot be acquired by the key acquisition unit; and
a lifetime extension unit configured to execute an extension process of extending the lifetime when the key-unacquirable state is detected.
According to the configuration of the above (1), the control device communicates with another device, such as an HMI device (described later), an ACS (described later), or another control device that together with it constitutes the distributed control device, using the encryption key acquired from the key distribution server that distributes encryption keys such as session keys. In addition, when the key distribution server is in a state in which the lifetime of the encryption key cannot be extended via the server (the key-unacquirable state) because of a hardware failure, a network attack, or the like, the control device automatically extends the lifetime of the encryption key in use at that time without communicating with the key distribution server.
This prevents data communication from being disabled between a plurality of control devices constituting the distributed control device due to the end of the life of the encryption key. Therefore, it is possible to prevent the distributed control apparatus from failing to control the control target, and to prevent the operating rate of the control target from decreasing. Similarly, it is possible to prevent the failure of data communication with the HMI device or the like, and to prevent the plant from being stopped due to the failure of monitoring and operation of the industrial control system via the control device. Further, by encrypting communication between the control apparatuses constituting the distributed control apparatus using the encryption key having the lifetime limit, the distributed control apparatus can be protected from network attacks such as eavesdropping, tampering, impersonation, and the like.
(2) In some embodiments, in addition to the structure of the above (1),
the control device further includes a lifetime monitoring unit configured to determine the end of the lifetime period,
as the extension processing, the life extension unit executes processing so that the life monitoring unit does not determine the end of the life period.
According to the configuration of (2) above, the life of the encryption key can be appropriately extended.
(3) In some embodiments, in addition to the structure of the above (2),
the life monitoring unit is configured to count the life period,
the extension processing is processing for obtaining a state in which the count value of the life monitoring unit is returned to a predetermined value.
According to the configuration of the above (3), the process of extending the lifetime of the encryption key is a process of obtaining a state in which the count value of the lifetime is returned to a predetermined value. This can appropriately extend the life of the encryption key.
(4) In some embodiments, in addition to the configurations (1) to (3) described above,
the server state detection unit detects the key-unacquirable state based on a state notification periodically transmitted from the key distribution server or on the communication status of the state notification.
According to the configuration of the above (4), the key distribution server periodically notifies the control device of its own state, and the control device determines whether the encryption key can be acquired (updated) from the key distribution server based on the state information in the notification or on the communication status of the periodic state notification. This makes it possible to appropriately detect the key-unacquirable state.
(5) In some embodiments, in addition to the configurations (1) to (4) described above,
the control device is a device constituting a distributed control device,
the control device further includes:
a storage unit configured to store the encryption key acquired by the key acquisition unit and the lifetime;
a key request receiving unit configured to receive a key request message requesting the encryption key, the key request message being transmitted from a joining control device that is to be newly added to the distributed control device; and
a key notification unit that transmits the encryption key and the lifetime stored in the storage unit to the joining control device that transmitted the key request message.
According to the configuration of the above (5), in response to a request from a control device that is to newly join the distributed control device to which the own device belongs (a joining control device), the control device notifies the encryption key in place of the key distribution server. Thus, even if the key distribution server is in the key-unacquirable state because it has stopped or the like, the joining control device can join the distributed control device.
(6) In some embodiments, in addition to the structure of (5) above,
the key notification unit transmits the encryption key and the lifetime to the joining control device when a predetermined condition is satisfied, the predetermined condition including a case where the server state detection unit detects the key-unacquirable state.
According to the configuration of the above (6), the control device transmits the encryption key to the joining control device on the condition that the own device has detected the key-unacquirable state. This prevents the control device from transmitting the encryption key to the joining control device even though the key distribution server is able to distribute the encryption key.
(7) In some embodiments, in addition to the configurations (1) to (6) described above,
the encryption key is a session key.
According to the configuration of the above (7), the encryption key having the lifetime is a session key, that is, an encryption key for public key encryption that is valid only during the lifetime. By using the session key, the same effects as in (1) to (6) described above are achieved.
(8) An industrial control system according to at least one embodiment of the present invention includes:
the control device according to any one of (1) to (7) above;
and a key distribution server that distributes, to the control device and the other devices, encryption keys having a lifetime that are commonly used between the control device and the other devices, respectively.
According to the configuration of (8), the same effects as those of (1) above are achieved.
(9) In some embodiments, in addition to the structure of the above (8),
the key distribution server is redundant.
According to the configuration of the above (9), the reliability of the key distribution server can be improved. In addition, if at least one device constituting the key distribution server operates properly, a control device to be newly added to the distributed control device (a joining control device) can be added.
(10) An encryption key life prolonging method according to at least one embodiment of the present invention is executed by a control device configured to communicate with another device via a communication network, wherein,
the encryption key life prolonging method comprises the following steps:
a key acquisition step of acquiring, from a key distribution server via the communication network, an encryption key having a lifetime for performing encrypted communication with the other device;
an encrypted communication step of performing the encrypted communication with the other apparatus using the encryption key within the lifetime;
a server state detection step of detecting a key-unacquirable state in which the encryption key cannot be acquired in the key acquisition step; and
a lifetime extension step of executing an extension process of extending the lifetime when the key-unacquirable state is detected.
According to the configuration of (10), the same effects as those of (1) above are achieved.
Effects of the invention
According to at least one embodiment of the present invention, a distributed control apparatus having improved safety and reliability is provided.
Drawings
Fig. 1 is a diagram schematically showing the configuration of an Industrial Control System (ICS) according to an embodiment of the present invention.
Fig. 2 is a block diagram schematically showing the configuration of a control device of the distributed control device according to the embodiment of the present invention.
Fig. 3 is a block diagram schematically illustrating the configuration of a control device including a key request receiving unit and a key notification unit according to an embodiment of the present invention.
Fig. 4 is a simplified diagram showing a connection scheme of the distributed control device and the key distribution server according to the embodiment of the present invention, and corresponds to the connection scheme in the control information network of fig. 1.
Fig. 5 is a timing chart of the joining control apparatus joining the distributed control apparatus according to the embodiment of the present invention.
Fig. 6 is a diagram showing an encryption key life extension method according to an embodiment of the present invention.
Detailed Description
Hereinafter, several embodiments of the present invention will be described with reference to the drawings. The dimensions, materials, shapes, relative arrangements, and the like of the constituent members described as the embodiments or shown in the drawings are not intended to limit the scope of the present invention to these, but are merely simple illustrative examples.
For example, a term "in a certain direction", "along a certain direction", "parallel", "orthogonal", "central", "concentric", or "coaxial" or the like indicates a relative or absolute arrangement, and indicates a state in which the relative or absolute arrangement is displaced relative to the arrangement with a tolerance, an angle or a distance to the extent that the same function can be obtained, as well as the arrangement as described above.
For example, expressions indicating states of equality such as "identical", "equal", and "homogeneous" indicate not only states of strict equality but also states of tolerance or difference in degree of obtaining the same function.
For example, the expression "shape" such as a square shape or a cylindrical shape means not only a shape strictly geometrically including a square shape or a cylindrical shape, but also a shape including a concave-convex portion, a chamfered portion, and the like within a range in which the same effect can be obtained.
On the other hand, the expressions "provided", "having", "including", or "having" one constituent element are not exclusive expressions excluding the existence of other constituent elements.
Fig. 1 is a diagram schematically showing the configuration of an industrial control system 8 (ICS) according to an embodiment of the present invention.
The industrial control system 8 is a system for monitoring and controlling social infrastructure such as electric power, gas, and tap water, and plants such as power generation plants and chemical plants. The industrial control system 8 shown in fig. 1 is a control system for monitoring and controlling a plant such as a power generation plant, and includes a distributed control apparatus 10 including a plurality of control apparatuses 1 that perform automatic control of the plant and input/output processing with respect to a site while communicating with each other. Hereinafter, a case where the control device 1 is a device constituting the distributed control device 10 will be described as an example. However, the present invention is not limited thereto. In other embodiments, the control device 1 may not be a device constituting the distributed control device 10.
More specifically, as shown in fig. 1, each control device 1 is connected via a control network N1 to an Input/Output Module (IOM82) that is connected to a plurality of field devices 81 installed in the plant. Instead of the IOM82, each control device 1 may be connected to a PLC (Programmable Logic Controller) that controls the field devices 81. The field device 81 is, for example, any of various sensors that measure temperature, flow rate, pressure, and the like, or an operation terminal such as a valve (a regulator valve or the like). The control network N1 is a communication network N for connecting the field devices 81 and the control device 1. Each control device 1 collects plant data such as measurement data and event data obtained from the sensors, performs various calculations using the collected plant data, and transmits the calculation results to the IOM82 or the like, thereby performing automatic control of the plant.
As shown in fig. 1, each control device 1 is connected to a control information network N2 built on, for example, Ethernet (registered trademark). The control information network N2 is a communication network N, such as an IP network, that connects the control device 1 with computer devices for controlling, monitoring, and managing the plant, and is connected to another network N3, such as an in-house LAN or the Internet (external network), via a firewall device 85. For example, the control information network N2 is connected to an Operator Station (OPS83), which is a Human Machine Interface (HMI) for operating and monitoring the plant, an ACS84 (Access Station) for storing and managing a large amount of plant data, and the like. When the control device 1 receives, via the control information network N2, a command or the like for the plant transmitted from the OPS83, a remote OPS (not shown) connected to the Internet, or the like, it executes the command, returns a response to the command, and so on.
The industrial control system 8 is configured to perform encrypted communication between the plurality of control apparatuses 1. Therefore, as shown in fig. 1, the industrial control system 8 further includes a key distribution server 9. In the embodiment shown in fig. 1, the key distribution server 9 has a function of distributing an encryption key K (common key) commonly used among the plurality of control apparatuses 1 constituting the distributed control apparatus 10 to each of the plurality of control apparatuses 1. The key distribution server 9 may be a well-known Key Distribution Center (KDC). As shown in fig. 1, each control device 1 receives the distribution of the encryption key K from the key distribution server 9. Thus, each control device 1 can encrypt the communication data D using the encryption key K and transmit the encrypted communication data D to another control device 1, and can decrypt the encrypted communication data D received from another control device 1 using the encryption key K, thereby enabling encrypted communication between the plurality of control devices 1.
Each control device 1 can perform encrypted communication with at least one of the other control devices 1, the OPS83, the ACS84, and the like connected to the communication network N, and the key distribution server 9 can distribute the encryption key K used between these devices. In this case, the encryption key K used between the control device 1 and the OPS83 and that used between the control device 1 and the ACS84 may be the same or different.
The encryption key K has a predetermined lifetime period T set by the key distribution server 9. For example, the encryption key K may be a well-known session key that is valid only for a certain period (lifetime period T) and used for public key encryption. Because the encryption key K has the lifetime period T, each control device 1 cannot perform encrypted communication with another control device 1 or the like using the encryption key K after the lifetime period T has elapsed. Therefore, each control device 1 acquires a new encryption key K from the key distribution server 9 before the lifetime period T of the encryption key K already distributed from the key distribution server 9 elapses. By replacing the encryption key K with a new encryption key K as needed, the risk of the encrypted communication being illegally broken is reduced, and communication (encrypted communication) between the control devices 1 can continue for longer than the lifetime period T of any single encryption key K.
In the industrial control system 8 described above, when the control device 1 cannot acquire the encryption key K from the key distribution server 9 for some reason (hereinafter, the key-unacquirable state), such as the key distribution server 9 being stopped by a hardware failure or by a malicious network attack such as a DoS attack, the control devices 1 can no longer communicate with each other once the lifetime period T of the encryption key K has elapsed. If an interlock operation then brings a control target such as a gas turbine or a boiler of a thermal power generation plant to an emergency stop via the field device 81, the operating rate of the control target is reduced. Therefore, the control device 1 is configured to automatically extend the lifetime period T of the latest encryption key K used by the device itself when it detects the key-unacquirable state.
The control device 1 that automatically extends the life time T of the encryption key K will be described in detail below with reference to fig. 2 to 5. Fig. 2 is a block diagram schematically showing the configuration of the control device 1 of the distributed control device 10 according to the embodiment of the present invention. Hereinafter, a case where encrypted communication is performed between a plurality of control apparatuses 1 will be described as an example.
The control device 1 is a device constituting the distributed control device 10 in which a plurality of control devices 1 are connected via the communication network N, and exchanges communication data D with at least a part of 1 or a plurality of control devices 1 other than the own device by encrypted communication using the encryption key K distributed (acquired) from the key distribution server 9. As shown in fig. 2 (the same applies to fig. 4 described later), the control device 1 includes a key acquisition unit 2, an encryption communication unit 3, a server state detection unit 4, and a lifetime extension unit 5.
The functional units included in the control device 1 will be described with the encryption key K as a session key and the key distribution server 9 as a KDC server.
The control device 1 is constituted by a computer, for example. Specifically, the apparatus includes a CPU (processor), a memory such as a ROM or a RAM, and a storage unit m such as an external storage device, which are not shown. The CPU operates (calculates data) in accordance with a command of a program (control program or the like) loaded in the main memory device, thereby realizing each of the above-described functional units included in the control device 1. The encryption key K having the lifetime T distributed from the key distribution server 9 is stored in the storage unit m together with the lifetime T. The key distribution server 9 is also similarly constituted by a computer.
The key acquisition unit 2 is a functional unit configured to acquire the session key K having the lifetime period T from the key distribution server 9 via the communication network N. More specifically, the key acquisition unit 2 is configured to periodically acquire the session key K from the key distribution server 9. For example, the key acquisition unit 2 may acquire the session key K by executing a cryptographic key exchange protocol, such as IKE (Internet Key Exchange) defined in RFC 2409, with the key distribution server 9. In the embodiment shown in fig. 1 to 2, the communication network N is the control information network N2 described above.
The encryption communication unit 3 is a functional unit configured to perform encryption communication with another control device 1 using the session key K in the lifetime period T. That is, when transmitting the communication data D to the other control apparatus 1, each control apparatus 1 encrypts and transmits the communication data D by using the session key K through the encryption communication unit 3. Conversely, when receiving the encrypted communication data D from another control apparatus 1, each control apparatus 1 obtains the communication data D by decrypting the communication data D with the same session key K as the session key K used for encryption by the encryption communication unit 3.
The server state detection unit 4 is a functional unit configured to detect the key-unacquirable state, in which the key acquisition unit 2 cannot acquire the session key K from the key distribution server 9. Specifically, the key-unacquirable state may be detected based on the content of a state notification S (described later) transmitted from the key distribution server 9, or based on the reception status of a response to a transmitted ping or the like. Alternatively, the key-unacquirable state may be determined when acquisition of a new encryption key K by the key acquisition unit 2 fails over more than 1 retry before the end of the lifetime period T. Details of the state notification S will be described later.
The lifetime extension unit 5 is a functional unit configured to execute an extension process of extending the lifetime period T when the server state detection unit 4 detects the key-unacquirable state. In the key-unacquirable state, the key exchange protocol cannot be executed with the key distribution server 9. Therefore, the lifetime extension unit 5 executes the process described below as the extension process, without communicating with the key distribution server 9. This extension process extends the lifetime period T of the latest session key that has already been acquired and can be used, so that a situation in which communication with another control device 1 becomes impossible due to the end of the lifetime period T can be avoided.
According to the above configuration, the control device 1 constituting the distributed control device 10 communicates with another control device 1 constituting the distributed control device 10 by using the encryption key K acquired from the key distribution server 9, which distributes encryption keys K such as session keys. In addition, when the key distribution server 9 is in a state in which the lifetime period T of the encryption key K cannot be extended via the server (the key-unacquirable state) because of a hardware failure, a network attack, or the like, the control device 1 automatically extends the lifetime of the encryption key K in use at that time without communicating with the key distribution server 9.
This prevents data communication between the plurality of control devices 1 constituting the distributed control device 10 from becoming impossible due to the end of the lifetime of the encryption key K. Therefore, it is possible to prevent the distributed control device 10 from becoming unable to control the control target via the field device 81, and to prevent the operating rate of the control target from being lowered. Further, because communication between the control devices 1 constituting the distributed control device 10 is encrypted using the encryption key K having the lifetime limit, the distributed control device 10 can be protected from network attacks such as eavesdropping, falsification, impersonation, and the like.
Next, the extension process of the lifetime extension unit 5 will be specifically described.
In some embodiments, as shown in fig. 2, the control device 1 further includes a lifetime monitoring unit 6 configured to determine the end of the lifetime period T. As the extension process described above, the lifetime extension unit 5 executes processing so that the lifetime monitoring unit 6 does not determine the end of the lifetime period T. This can appropriately extend the lifetime period T of the encryption key K.
Specifically, in some embodiments, the lifetime monitoring unit 6 may count the lifetime period T using a counter or the like. The lifetime monitoring unit 6 determines that the lifetime period T has ended when it has counted, by counting up or counting down, the count corresponding to the lifetime period T.
In this case, in some embodiments, the extension process that keeps the lifetime monitoring unit 6 from determining the end of the lifetime period T may be a process that returns the count value of the lifetime monitoring unit 6 by a predetermined value. That is, when the lifetime monitoring unit 6 counts the lifetime period T by counting up, a predetermined value may be subtracted from the current value (count value) of the counter. When the lifetime monitoring unit 6 counts the lifetime period T by counting down, a predetermined value may be added to the current value of the counter. The predetermined value may be fixed in advance, or may be a value corresponding to the count value at the time of executing the extension process, such as half of the count value. Alternatively, the predetermined value may be the count value at the time the extension process is executed, or the extension process may be executed by resetting the counter value.
Thus, even if the period specified by the lifetime period T, which is set in the key distribution server 9 or the like at the time of distributing the session key K, has elapsed, the lifetime monitoring unit 6 does not determine the end of the lifetime period T. However, the present invention is not limited to the present embodiment. In some other embodiments, the lifetime extension unit 5 may perform the extension process by stopping the counting by the lifetime monitoring unit 6. In some other embodiments, the lifetime extension unit 5 may increase the total count (time) that the counter counts as the lifetime period T.
The lifetime extension unit 5 may repeat the extension process 1 or more times until the key-unacquirable state is released and the key exchange protocol with the key distribution server 9 can be performed appropriately. Specifically, the count value may be compared with a preset threshold value, and the extension process may be executed when the count value matches the threshold value. This can extend the lifetime period T to, for example, a recoverable period during which the key distribution server 9 that is down can recover.
According to the above configuration, the lifetime period T of the encryption key K is extended by returning the count value of the lifetime period T by the predetermined value. This can appropriately extend the lifetime period T of the encryption key K.
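As an added illustration (not code from the patent), the following sketch models the counter-based extension described above with a down-counter and a threshold comparison. The tick granularity, the `max_extensions` cap, the audit list and all names are assumptions of this example; the cap reflects that each extension keeps an ageing key in service.

```python
from dataclasses import dataclass, field


@dataclass
class LifetimeMonitor:
    """Lifetime monitoring unit 6 as a down-counter; T ends when it reaches 0."""
    remaining: int

    def tick(self) -> None:
        if self.remaining > 0:
            self.remaining -= 1

    def expired(self) -> bool:
        return self.remaining == 0


@dataclass
class LifetimeExtender:
    """Lifetime extension unit 5: adds a predetermined value back to the counter."""
    monitor: LifetimeMonitor
    threshold: int       # run the extension when the count matches this value
    extend_by: int       # predetermined value added to the down-counter
    max_extensions: int  # assumption (not on the page): bound on reuse of one key
    extensions: int = 0
    audit: list = field(default_factory=list)

    def step(self, key_unacquirable: bool) -> str:
        """Advance one tick and return 'valid', 'extended' or 'expired'."""
        self.monitor.tick()
        if self.monitor.expired():
            return "expired"
        if not key_unacquirable or self.monitor.remaining != self.threshold:
            return "valid"
        if self.extensions >= self.max_extensions:
            # Budget used up: let T run out instead of extending indefinitely.
            self.audit.append("extension_refused")
            return "valid"
        self.monitor.remaining += self.extend_by
        self.extensions += 1
        self.audit.append("extended")
        return "extended"

    def rekeyed(self, lifetime: int) -> None:
        """A fresh key arrived from the server: restart T and the budget."""
        self.monitor.remaining = lifetime
        self.extensions = 0
        self.audit.append("rekeyed")


def simulate(outage, total_ticks, lifetime=10, threshold=2,
             extend_by=5, max_extensions=3):
    """Run the device for total_ticks; `outage` holds the ticks during which
    the key distribution server is unreachable. Returns notable (tick, event)."""
    monitor = LifetimeMonitor(lifetime)
    extender = LifetimeExtender(monitor, threshold, extend_by, max_extensions)
    timeline = []
    for t in range(1, total_ticks + 1):
        unacquirable = t in outage
        if not unacquirable and monitor.remaining <= threshold:
            # Normal path: the key exchange with the server succeeds.
            extender.rekeyed(lifetime)
            timeline.append((t, "rekeyed"))
            continue
        event = extender.step(unacquirable)
        if event != "valid":
            timeline.append((t, event))
        if event == "expired":
            break
    return timeline


if __name__ == "__main__":
    print("no outage   :", simulate(range(0), 20))
    print("short outage:", simulate(range(5, 20), 30))
    print("long outage :", simulate(range(1, 100), 100))
```

With the cap in place, a long outage ends in expiry rather than in a key that never ages out, and the audit list records every local extension for later review.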
In some other embodiments, the lifetime extension unit 5 may execute the extension process by rewriting the lifetime period T stored in a predetermined storage area of the storage unit m provided in the control device 1. In this case, once the lifetime period T stored in the storage unit m has been rewritten, the lifetime monitoring unit 6 monitors the lifetime period T updated by the extension process, for example after re-reading the storage area. The lifetime period T after the extension process may be longer than the lifetime period T before the extension process. The extended lifetime period T may be long enough for the key-unacquirable state to be released, such as a recoverable period during which the key distribution server 9 that was down can recover.
Next, a method by which the server state detection unit 4 detects the key-unacquirable state will be specifically described.
In some embodiments, the server state detection unit 4 may detect (determine) the key-unacquirable state based on the status notification S periodically transmitted from the key distribution server 9 or on the communication status of the status notification S. With the status notification S, the key distribution server 9 actively notifies the control device 1 and the like, via the communication network N, of its own state, such as a normal state or an abnormal state. If an abnormality has occurred, the status notification S may include the content of the abnormality (e.g., a hardware failure, an internal abnormality, etc.). The status notification S may be transmitted by multicast to a plurality of control devices 1 whose destinations, such as IP addresses, are designated in advance. However, the present invention is not limited to this embodiment, and the status notification S may be transmitted by broadcast in some other embodiments.
The control device 1 may determine whether or not it is in the key-unacquirable state based on the content of the status notification S periodically transmitted by the key distribution server 9. For example, when only the reception of a response to a transmitted ping is checked, it may not be possible to appropriately determine whether the key distribution function of the key distribution server 9 is normal or abnormal, but a determination based on the content of the status notification S can be more appropriate. Further, the control device 1 may determine whether or not it is in the key-unacquirable state based on the communication status of the status notification S, for example by determining the key-unacquirable state when the status notification S that should arrive periodically cannot be received a certain number of times, more than once. In this case, since the cause may be an abnormality of the communication network N itself, the key-unacquirable state may be determined only when communication with another control device 1 is possible. Each control device 1 may also transmit a status notification notifying the state of that control device 1, as described above, to the other control devices 1 and the key distribution server 9.
According to the above configuration, the key distribution server 9 periodically notifies the control device 1 of its own state, and the control device 1 determines whether or not the encryption key K can be acquired (updated) from the key distribution server 9 based on the state information notified by the key distribution server 9 or on the communication status of the periodically performed status notification S. This makes it possible to appropriately detect the key-unacquirable state.
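The detection rule described above, written out as an added example that is not part of the patent: the content of S is checked first, then the number of missed notifications, gated on whether another control device is still reachable. The `StatusNotification` fields, the reason strings and the event list are constructed for illustration, and S is assumed to have been authenticated before it reaches the detector.

```python
from dataclasses import dataclass


@dataclass
class StatusNotification:
    """Constructed stand-in for S; the page does not define a wire format."""
    received_at: int   # seconds on the device's monotonic clock
    state: str         # "normal" or "abnormal"
    detail: str = ""   # e.g. "hardware failure"


class ServerStateDetector:
    """Server state detection unit 4 driven by periodic status notifications."""

    def __init__(self, period: int, missed_limit: int, started_at: int = 0):
        self.period = period              # expected interval between notifications
        self.missed_limit = missed_limit  # missed notifications that count as a fault
        self.last = StatusNotification(started_at, "normal")

    def on_notification(self, s: StatusNotification) -> None:
        # Keep only the newest notification; ignore out-of-order delivery.
        if s.received_at >= self.last.received_at:
            self.last = s

    def missed(self, now: int) -> int:
        return max(0, (now - self.last.received_at) // self.period)

    def evaluate(self, now: int, peer_reachable: bool):
        """Return (key_unacquirable, reason)."""
        if self.last.state == "abnormal":
            # Content-based: the server itself reports that it cannot serve keys.
            return True, "server_reported_abnormal"
        if self.missed(now) >= self.missed_limit:
            if peer_reachable:
                # Network works, server is silent: treat the server as down.
                return True, "notifications_missing"
            # No peer answers either: the fault may be the network itself.
            return False, "network_fault_suspected"
        return False, "server_normal"


# Constructed timeline: ("S", time, state, detail) or ("check", time, peer_reachable)
EVENTS = [
    ("S", 10, "normal", ""),
    ("S", 20, "normal", ""),
    ("check", 25, True),
    ("check", 52, False),   # three periods of silence, peers unreachable too
    ("check", 54, True),    # same silence, but a peer control device answers
    ("S", 60, "normal", ""),
    ("check", 61, True),
    ("S", 70, "abnormal", "hardware failure"),
    ("check", 71, True),
]


def replay(events, period=10, missed_limit=3):
    """Feed the events to a detector and collect the result of every check."""
    detector = ServerStateDetector(period, missed_limit)
    results = []
    for event in events:
        if event[0] == "S":
            _, t, state, detail = event
            detector.on_notification(StatusNotification(t, state, detail))
        else:
            _, t, peer_reachable = event
            unacquirable, reason = detector.evaluate(t, peer_reachable)
            results.append((t, unacquirable, reason))
    return results


if __name__ == "__main__":
    for row in replay(EVENTS):
        print(row)
```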
In the above description, the present invention is described taking a case where encrypted communication is performed between a plurality of control apparatuses 1 as an example. However, the present invention is not limited to the above-described embodiments. In other embodiments, the present invention can be applied to a case where the control device 1 performs encrypted communication with another device such as the OPS83 or the ACS84 connected to the communication network N. In this case, the other control apparatuses 1 performing encrypted communication with the control apparatus 1 in the above description may be replaced with other apparatuses such as the OPS83 and the ACS84, and thus the description thereof will be omitted.
Next, with reference to fig. 3 to 5, several embodiments of other functional units that the control device 1 can include when constituting the distributed control device 10 and the key assignment server 9 will be described. Fig. 3 is a block diagram schematically illustrating the configuration of the control device 1 including the key request receiving unit 71 and the key notifying unit 72 according to the embodiment of the present invention. Fig. 4 is a simplified diagram showing the connection scheme of the distributed control apparatus 10 and the key assignment server 9 according to the embodiment of the present invention, and corresponds to the connection scheme in the control information network N2 in fig. 1. Fig. 5 is a timing chart of the case where the joining control apparatus 1n joins the distributed control apparatus 10 according to the embodiment of the present invention.
In some embodiments, as shown in fig. 3, the control device 1 may further include: a storage unit m (described above) configured to store the encryption key K acquired by the key acquisition unit 2 and the lifetime period T; a key request receiving unit 71 configured to receive a key request message R requesting an encryption key K, which is transmitted from a control device 1 (hereinafter, referred to as a joining control device 1n) to be newly joined to the distributed control device 10; and a key notification unit 72 that transmits the encryption key K and the lifetime T stored in the storage unit m to the joining control device 1n that transmitted the key request message R.
In the embodiments shown in fig. 3 to 5, as shown in fig. 4 to 5, the joining control apparatus 1n is connected to the control information network N2, and then starts a key exchange protocol with the key distribution server 9 in order to join the distributed control apparatus 10 (S51 in fig. 5). However, since the key distribution server 9 is, for example, stopped (the key-unacquirable state), the joining control apparatus 1n cannot acquire from the key distribution server 9 the same session key K as the one used between the existing control apparatuses 1 of the distributed control apparatus 10. In this case, the joining control apparatus 1n transmits the key request message R to at least one control apparatus 1 among the plurality of control apparatuses 1 that have joined the distributed control apparatus 10 (S52 of fig. 5). Specifically, the joining control apparatus 1n may transmit the key request message R (IP packet) to a destination address (IP address or the like) stored in advance in the storage unit m of the own apparatus. Alternatively, the joining control apparatus 1n may transmit the key request message R by broadcast, thereby sending it to the already-joined control apparatuses 1 belonging to the same broadcast domain.
Subsequently, the already-joined control device 1 that has received the key request message R transmits a key response message Rr including the encryption key K and the lifetime period T (S53 in fig. 5). In this case, in some embodiments, the key notification unit 72 of the already-joined control apparatus 1 may transmit the encryption key K and the lifetime period T to the joining control apparatus 1n only when a predetermined condition is satisfied. The predetermined condition may include a case where the server state detection unit 4 of the own apparatus detects the key-unacquirable state. That is, the control device 1 transmits the encryption key K to the joining control device 1n on the condition that the device itself has detected the key-unacquirable state. This prevents the control device 1 from transmitting the encryption key K to the joining control device 1n even though the key distribution server 9 can distribute the encryption key K. Thus, the joining control device 1n can perform encrypted communication with a plurality of other control devices 1 by acquiring the encryption key K and the lifetime period T, and can join the distributed control device 10.
However, the present invention is not limited to the present embodiment. In some other embodiments, the joining control apparatus 1n may transmit the key request message R without receiving the status notification S periodically transmitted by the key distribution server 9. In this case, the key distribution server 9 may register information (such as an IP address) of the joining control apparatus 1n as a distribution destination of the encryption key K.
According to the above configuration, the control device 1 provides the encryption key K in place of the key distribution server 9 in response to a request from the control device 1 (joining control device 1n) to be newly joined to the distributed control device 10 to which the own device belongs. Thus, even if the key distribution server 9 is in the key-unacquirable state due to a shutdown, the joining control apparatus 1n can join the distributed control apparatus 10.
In some embodiments, the key distribution server 9 may be made redundant as shown in fig. 4. In the embodiment shown in fig. 4, the key distribution server 9 is duplicated. This can improve the reliability of the key assignment server 9. In addition, if at least one device constituting the key assignment server 9 operates appropriately, it is possible to realize the joining of the control device 1 (joining control device 1n) to be newly joined to the distributed control device 10.
Hereinafter, an encryption key life prolonging method corresponding to the processing executed by the control device 1 will be described with reference to fig. 6. Fig. 6 is a diagram showing an encryption key life extension method according to an embodiment of the present invention.
The encryption key life prolonging method is a method executed by the control device 1 communicating with another device via the communication network N, such as a method executed by a control device 1 of the distributed control device 10 in which a plurality of control devices 1 are connected via the communication network N. As shown in fig. 6, the encryption key life prolonging method includes: a key acquisition step of acquiring the encryption key K having the lifetime period T from the key distribution server 9 via the communication network N; an encrypted communication step of performing encrypted communication with another device (another control device 1 or the like) using the encryption key K within the lifetime period T; a server state detection step of detecting the key-unacquirable state; and a lifetime extension step of executing an extension process of extending the lifetime period T when the key-unacquirable state is detected. The key acquisition step, encrypted communication step, server state detection step, and lifetime extension step are the same as the processing executed by the key acquisition unit 2, encryption communication unit 3, server state detection unit 4, and lifetime extension unit 5 described above, respectively, and therefore detailed description thereof is omitted.
In the embodiment shown in fig. 6, the key acquisition step is executed in step S1 to acquire a session key K (lifetime T and encryption key K). The encrypted communication step is performed in step S2. That is, encrypted communication is performed with other devices using the session key K acquired in step S1. While the session key K used in step S2 is valid, the server state detection step is performed in step S3. As a result, when the key-unacquirable state is detected, the above-described extension process is executed in step S4 at any time before the lifetime period T elapses. The key state may be detected immediately after the key state is not acquired, or may be detected before a predetermined period of time after the lifetime period T is ended. Conversely, when the key-unacquirable state is not detected in step S3, encrypted communication with another device is continued (executed) in step S5 using the session key K after the extension processing.
When the key distribution server 9 recovers and can distribute the session key K during the execution of step S5, encrypted communication based on the session key K distributed after recovery is performed.
The present invention is not limited to the above-described embodiments, and includes embodiments obtained by modifying the above-described embodiments and embodiments obtained by appropriately combining these embodiments.
Description of reference numerals:
10 … distributed control device;
1 … control device;
1n … joining control device;
m … storage unit;
2 … key acquisition unit;
3 … encryption communication unit;
4 … server state detection unit;
5 … lifetime extension unit;
6 … lifetime monitoring unit;
71 … key request receiving unit;
72 … key notification unit;
8 … industrial control system;
81 … field devices;
82 … IOM;
83 … OPS;
84 … ACS;
85 … firewall device;
9 … key distribution server;
N … communication network;
N1 … control network;
N2 … control information network;
N3 … other networks;
K … encryption key (session key);
T … lifetime period;
S … status notification;
D … communication data;
R … key request message;
Rr … key response message.

Claims (10)

1. A control device configured to communicate with another device via a communication network,
the control device is provided with:
a key acquisition unit configured to acquire, from a key distribution server via the communication network, an encryption key having a lifetime for performing encrypted communication with the other device;
an encryption communication unit configured to perform the encryption communication with the other device using the encryption key during the lifetime;
a server state detection unit configured to detect a key-unacquirable state in which the encryption key cannot be acquired by the key acquisition unit; and
a lifetime extension unit configured to execute an extension process of extending the lifetime period when the key-unacquirable state is detected.
2. The control device according to claim 1,
the control device further includes a lifetime monitoring unit configured to determine the end of the lifetime period,
as the extension processing, the life extension unit executes processing so that the life monitoring unit does not determine the end of the life period.
3. The control device according to claim 2,
the life monitoring unit is configured to count the life period,
the extension processing is processing for obtaining a state in which the count value of the life monitoring unit is returned to a predetermined value.
4. The control device according to any one of claims 1 to 3,
the server state detection unit detects the key-unacquirable state based on a status notification periodically transmitted from the key distribution server or a communication status of the status notification.
5. The control device according to any one of claims 1 to 4,
the control device is a device constituting a distributed control device,
the control device further includes:
a storage unit configured to store the encryption key acquired by the key acquisition unit and the lifetime;
a key request receiving unit configured to receive a key request message requesting the encryption key, the key request message being transmitted from a joining control device to be newly joined to the distributed control device; and
a key notification unit that transmits the encryption key and the lifetime stored in the storage unit to the joining control apparatus that transmitted the key request message.
6. The control device according to claim 5,
the key notification unit transmits the encryption key and the lifetime period to the joining control device when a predetermined condition is satisfied, the predetermined condition including a case where the server state detection unit detects the key-unacquirable state.
7. The control device according to any one of claims 1 to 6,
the encryption key is a session key.
8. An industrial control system is characterized in that,
the industrial control system includes:
the control device of any one of claims 1 to 7; and
a key distribution server that distributes, to the control device and the other devices, encryption keys having a lifetime that are commonly used between the control device and the other devices, respectively.
9. The industrial control system according to claim 8,
the key distribution server is redundant.
10. A method for extending a lifetime of an encryption key, which is executed by a control device configured to communicate with another device via a communication network,
the encryption key life prolonging method comprises the following steps:
a key acquisition step of acquiring, from a key distribution server via the communication network, an encryption key having a lifetime for performing encrypted communication with the other device;
an encrypted communication step of performing the encrypted communication with the other apparatus using the encryption key within the lifetime;
a server state detection step of detecting a key-unacquirable state in which the encryption key cannot be acquired in the key acquisition step; and
a lifetime extension step of executing an extension process of extending the lifetime period when the key-unacquirable state is detected.
CN201980077412.6A 2019-02-15 2019-10-16 Control device, industrial control system, and encryption key lifetime extension method Active CN113169865B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2019-025256 2019-02-15
JP2019025256A JP7300845B2 (en) 2019-02-15 2019-02-15 Control device, industrial control system, and encryption key life extension method
PCT/JP2019/040624 WO2020166132A1 (en) 2019-02-15 2019-10-16 Control device, industrial control system and encryption key life extending method

Publications (2)

Publication Number Publication Date
CN113169865A (en) 2021-07-23
CN113169865B (en) 2024-01-09

Family

ID=72045252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980077412.6A Active CN113169865B (en) 2019-02-15 2019-10-16 Control device, industrial control system, and encryption key lifetime extension method

Country Status (5)

Country Link
US (1) US11956355B2 (en)
JP (1) JP7300845B2 (en)
CN (1) CN113169865B (en)
DE (1) DE112019005250T5 (en)
WO (1) WO2020166132A1 (en)

Also Published As

Publication number Publication date
CN113169865B (en) 2024-01-09
US20210409212A1 (en) 2021-12-30
DE112019005250T5 (en) 2021-08-26
US11956355B2 (en) 2024-04-09
JP2020136793A (en) 2020-08-31
WO2020166132A1 (en) 2020-08-20
JP7300845B2 (en) 2023-06-30

Similar Documents

Publication Publication Date Title
US10270745B2 (en) Securely transporting data across a data diode for secured process control communications
US10257163B2 (en) Secured process control communications
US10530748B2 (en) Publishing data across a data diode for secured process control communications
US9203800B2 (en) Communication method, node, and network system
CN103782566A (en) Communication protocols
CN102150392A (en) Method for transmitting data between network nodes
CN102891750A (en) Process control system
US11303453B2 (en) Method for securing communication without management of states
JP6456929B2 (en) Securing communications within network endpoints
KR101538147B1 (en) Distributive automation system applied to security module and method using the thereof
CN113169865B (en) Control device, industrial control system, and encryption key lifetime extension method
JP7191726B2 (en) Communication controller and communication system
JP2015035724A (en) Network control device
KR20190045575A (en) Method and apparatus for autonomous mutual authentication between devices in wireless communication system
JP2009290378A (en) Secret key distribution method and secret key distribution system
KR20170096780A (en) System and method for interlocking of intrusion information
EP3979078B1 (en) System and method for secure connections in a high availability industrial controller
CN100596350C (en) Method for encrypting and decrypting industrial control data
CN112514322A (en) Method for managing keys inside a vehicle
CN106713295B (en) Medical image transmission method and device
CN112840602B (en) Method and control system for monitoring a plurality of devices in an SNMP-based network
JP7191727B2 (en) Communication controller and communication system
JP7278807B2 (en) Communication controller and communication system
JP2010016522A (en) Communication system
US20120246524A1 (en) Debugging aid for secure wireless systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220505

Address after: Tokyo

Applicant after: MITSUBISHI HEAVY INDUSTRIES, Ltd.

Address before: Kanagawa County, Japan

Applicant before: Mitsubishi Power Co.,Ltd.

GR01 Patent grant